[PATCH v2 27/27] kselftest/riscv: kselftest for user mode cfi

Muhammad Usama Anjum usama.anjum at collabora.com
Mon Apr 1 02:46:13 PDT 2024


On 3/30/24 1:02 AM, Deepak Gupta wrote:
> On Fri, Mar 29, 2024 at 12:50 PM Muhammad Usama Anjum
> <usama.anjum at collabora.com> wrote:
>>
>> On 3/29/24 9:44 AM, Deepak Gupta wrote:
>>> Adds kselftest for RISC-V control flow integrity implementation for user
>>> mode. There is not a lot going on in kernel for enabling landing pad for
>>> user mode. Thus kselftest simply enables landing pad for the binary and
>>> a signal handler is registered for SIGSEGV. Any control flow violation are
>>> reported as SIGSEGV with si_code = SEGV_CPERR. Test will fail on recieving
>>> any SEGV_CPERR. Shadow stack part has more changes in kernel and thus there
>>> are separate tests for that
>>>       - enable and disable
>>>       - Exercise `map_shadow_stack` syscall
>>>       - `fork` test to make sure COW works for shadow stack pages
>>>       - gup tests
>>>         As of today kernel uses FOLL_FORCE when access happens to memory via
>>>         /proc/<pid>/mem. Not breaking that for shadow stack
>>>       - signal test. Make sure signal delivery results in token creation on
>>>       shadow stack and consumes (and verifies) token on sigreturn
>>>     - shadow stack protection test. attempts to write using regular store
>>>         instruction on shadow stack memory must result in access faults
>>>
>>> Signed-off-by: Deepak Gupta <debug at rivosinc.com>
>>> ---
>>>  tools/testing/selftests/riscv/Makefile        |   2 +-
>>>  tools/testing/selftests/riscv/cfi/Makefile    |  10 +
>>>  .../testing/selftests/riscv/cfi/cfi_rv_test.h |  85 ++++
>>>  .../selftests/riscv/cfi/riscv_cfi_test.c      |  91 +++++
>>>  .../testing/selftests/riscv/cfi/shadowstack.c | 376 ++++++++++++++++++
>>>  .../testing/selftests/riscv/cfi/shadowstack.h |  39 ++
>> Please add generated binaries in the .gitignore files.
> 
> hmm...
> I don't see binary as part of the patch. Which file are you referring
> to here being binary?
shadowstack would be generated by the build. Create a .gitignore file and
add it there. For example, look at
tools/testing/selftests/riscv/vector/.gitignore to understand.


> 
>>
> 

-- 
BR,
Muhammad Usama Anjum



More information about the linux-riscv mailing list